Following the news that Boris Johnson has signed a deal with Virgin Media to enable calling on the Tube (see our previous story here), London Overground has announced that commuters will get free Wi-Fi access at up to 56 London stations. This follows an agreement between London Overground and public Wi-Fi network operator The Cloud. Although the rollout has not been detailed, some stations should have it in time for the London 2012 Olympics. See Rightmobilephone’s blog here for a list of the first stations to offer it.

One danger, according to Kineto Wireless, is that the current system of leaving wireless access points (WAPs) open brings risks to smartphone, tablet and notebook owners.

The free London Overground service is available in the vicinity of the station for up to 60 minutes. After that, users will be charged on a PAYG basis. As normal, users will need to go through a one-time registration service to get access.

According to Kineto Wireless’s Steve Shaw, such ‘open access’, which enables a person to find a hotspot, quickly becomes the security hole through which hackers capture data as it flies through the air.

Rather than viewing the Wi-Fi access point as an end-point, it needs to be viewed as a proxy, a gateway for devices to access services from a variety of providers, Shaw says.

Step one is to help devices know what they are getting. An SSID of ‘coffee_shop’ is quaint for local access, but in reality this coffee shop access point (AP) could become a proxy for service providers like iPass, Boingo, The Cloud or even AT&T.

Rather than broadcasting an open AP name, the device would query the AP to determine a whole range of information, including authentication and security mechanisms.

The second step is authentication. Perhaps the coffee shop has agreed to proxy service for a range of providers. A device may have the username and password credentials pre-loaded to use Boingo’s service.

Rather than being the endpoint, the AP takes the Boingo credentials from the device and then queries Boingo’s servers directly to enable (or reject) connectivity.

For smartphones or other SIM-based devices, the process may rely on the SIM credentials, thus moving to a completely automated authentication process.

This is exactly why the GSMA recently got together with the Wireless Broadband Alliance (WBA) to tackle the issue. See our previous story here.

A key security hole in today’s networks is that APs need to be open (unencrypted) for a device to begin to attach. It’s this ‘over the air (OTA)’ interface which is most vulnerable.

Next-generation APs will appear locked, but will have the ability for the device to query for specific information about the AP and begin the authentication process securely.

Shaw concludes, “These capabilities are all inherent in the cellular network today. Applying the same principles to the world of public Wi-Fi will only serve to ease connectivity, increase security and begin transforming Wi-Fi into a credible sidekick to the outdoor macro network.”